Quick Links

Re: CVE-2013-1899 security issue and limited IP addresses in pg_hba.conf

From:	Devrim Gündüz <devrim(at)gunduz(dot)org>
To:	Mads(dot)Tandrup(at)schneider-electric(dot)com,pgsql-general(at)postgresql(dot)org
Subject:	Re: CVE-2013-1899 security issue and limited IP addresses in pg_hba.conf
Date:	2013-04-04 16:43:34
Message-ID:	d252077c-7ce0-4d48-91bd-5d32cc99de88@email.android.com
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-general

Hi,

pg_hba.conf does not have protection for this security issue.

Regards, Devrim

Mads(dot)Tandrup(at)schneider-electric(dot)com wrote:

>Hi All
>
>
>I'm trying to understand the implications of the latest security fix to
>postgresql [1].
>
>
>We have a setup were we in pg_hba.conf have limited the allowed IP
>addresses of the clients. But does anyone know if CVE-2013-1899 allows
>an arbitrary attacker to use the exploits described in [1]?
>
>
>We are using PostgreSQL 8.4.
>
>
>Best regards,
>
>Mads
>
>
>[1] http://www.postgresql.org/support/security/faq/2013-04-04/

--
Devrim Gündüz

In response to

CVE-2013-1899 security issue and limited IP addresses in pg_hba.conf at 2013-04-04 16:39:22 from Mads.Tandrup

Browse pgsql-general by date

	From	Date	Subject
Next Message	Bruce Momjian	2013-04-04 16:44:37	Re: CVE-2013-1899 security issue and limited IP addresses in pg_hba.conf
Previous Message	Mads.Tandrup	2013-04-04 16:39:22	CVE-2013-1899 security issue and limited IP addresses in pg_hba.conf